Microsoft Press MCTS Training Kit 70-643: Applications Platform Configuring, part 7

Lesson 1: Configuring FTP 389
Once you have downloaded and installed FTP 7, you can launch IIS Manager to configure
server settings. Figure 7-12 shows the available FTP-related options for Default Web Site.
Figure 7-12 Viewing FTP options for Default Web Site in IIS Manager
Managing FTP Sites
After you have installed and configured FTP 7, you can use IIS Manager to create and configure
FTP sites. In this section, you will learn how to create new FTP sites and how to add FTP
functionality to an existing Web site.
Creating a New FTP Site
You can create new FTP sites to support different groups of users or to provide access to
different sets of files. To create a new FTP site, right-click either the server object or the Sites
folder in the left pane of IIS Manager, and then select Add FTP Site. This will start the Add FTP
Site Wizard. The first page prompts you for information about the name of the site. (See Figure
7-13.) This name will be used for administration purposes, so you should choose a descriptive
name if you plan to host multiple FTP sites on the same server. The Physical Path setting
enables you to specify the root folder for the FTP site. You can choose any existing folder path,
but many installations will use a subfolder within the %SystemDrive%\Inetpub folder.
390 Chapter 7 Configuring FTP and SMTP Services
Figure 7-13 Adding a new FTP site by using IIS Manager
On the second page of the process, you can specify the binding and SSL settings for the new
FTP site. (See Figure 7-14.) The binding settings include the following options:
- IP Address: The default setting is for the FTP site to respond to all incoming requests on
  any network adapter or IP address on the server. If the computer is configured with multiple
  network adapters or multiple IP addresses on the same adapter, you can choose a
  specific address, using the drop-down list.
- Port: This is the TCP port on which the FTP site will respond. By convention, the
  default port for FTP communications is port 21. If you choose a different port, FTP users
  will be required to configure their FTP client software to connect by using the server’s
  port number.
- Virtual Host: Administrators can create multiple Web sites that respond on the same IP
  address and port through virtual host names. These names rely on Domain Name System
  (DNS) entries to determine to which site users will connect. Users can also include
  the virtual host name as part of their logon name to specify to which site they want to
  log on.
- Start FTP Site Automatically: When this option is enabled, the FTP site will start
  automatically whenever the computer is rebooted or the FTP service is restarted. If you
  plan to start the FTP site manually whenever it is required, disable this option.
Figure 7-14 Configuring Binding And SSL Settings for a new FTP site
You can also select an SSL Certificate and whether to allow or require Secure Socket Layer (SSL)
connections for this FTP site. You will learn more about these options later in this section.
On the Authentication And Authorization Information page, you specify how security will be
managed for the new FTP site. (See Figure 7-15.)
When you click the Finish button, the new FTP site will be created and added to the left pane
of IIS Manager. When you select the FTP Site object, you can use the commands in the Actions
pane to start, restart, or stop the FTP site. You will also see a list of all the configuration options
for the FTP site in the center pane of IIS Manager. (See Figure 7-16.)
Figure 7-15 Configuring Authentication And Authorization Information settings for a new FTP site
Figure 7-16 Viewing FTP-related options in IIS Manager
Understanding FTP 7 Configuration Files
All configuration settings for FTP 7 sites are stored in the XML-based .config files. You can view
and edit these settings, using a text editor. Server-level settings for both Web sites and FTP
sites are stored within the ApplicationHost.config file. For more information about using these
configuration files and for performing configuration backups, see Chapter 5.
Creating Virtual Directories
You can easily organize content through physical folders within an FTP site. For example, you
can create a folder hierarchy for different types of applications and data. In some cases,
however, you will want to provide access to content that is not located within the FTP root folder.
To do this, you can create virtual directories. Virtual directories are pointers to folder locations
and can be nested within other virtual directories or physical folders. Assuming that users
have the appropriate permissions, they will see the virtual directory as if it were a physical
folder. All upload and download operations, however, will be directed to the physical folder.
Virtual directories are useful when you want some content to be shared between multiple
physical sites or when you do not want to move or copy the data to the FTP root folder.
To create a new virtual directory, right-click the parent object in the left pane of IIS Manager
and select Add Virtual Directory. This will launch the Add Virtual Directory dialog box. (See
Figure 7-17.) Site Name and Path information shows you details about the location in which
the new virtual directory will be created. Alias is the name of the folder as users of the site will
see it. The Physical Path setting specifies the full physical location of the content that you want
to make available.
Figure 7-17 Adding a new virtual directory to an FTP site
By default, virtual directories will use Pass-Through Authentication for determining whether
users have permissions to access the content. This means that the user account used during
logon must have permissions on the content folder. You can change this behavior by clicking
Connect As and selecting the Specific User option. You will then be able to provide a username
and password for a specific account. When the Specific User account option is enabled, all
requests for information stored in the physical path you specify will be performed using that
user’s security context.
Configuring Advanced FTP Site Properties
In addition to the standard properties available in Features View of IIS Manager, you can also
configure Advanced Settings options. To access these settings, click Advanced Settings in the
Actions pane. Figure 7-18 shows the available options and their default values.
Figure 7-18 Configuring Advanced Settings for an FTP site
The Behavior section includes options for fine-tuning the settings of the FTP site. The
Connections section enables you to control data channel timeouts (in seconds) as well as a maximum
number of connections. These settings can be helpful for managing performance on busy Web
and FTP servers. The File Handling section provides options for dealing with partial uploads
and allowing a session to perform actions while uploading data.

Managing FTP Site Bindings
FTP 7 provides a simplified method for Web site administrators to manage their content by
using FTP. In previous versions of FTP, administrators were required to configure a new site or
virtual directories manually for accessing Web site content. You can now add a new FTP site
binding to a Web site to provide access automatically to FTP clients. This is useful when you
want to allow remote administrators and Web developers to access or modify the contents of
specific Web sites.
To add a new FTP binding, select a Web site in IIS Manager, and then click Bindings. Click the
Add button to create a new site binding. (See Figure 7-19.)
Figure 7-19 Adding a new FTP site binding to an existing Web site
In the Add Site Binding dialog box, you will be able to change the Type setting to FTP. You can
then enter IP address, port, and host name information for determining how users will be able
to access the FTP site. After you have added an FTP binding, you will see a grouping for FTP-
related commands in Features View of IIS Manager. You can use these features to modify the
settings of the FTP site binding in the same way as you would for a standalone Web site. You
will also see a new Manage FTP Site section in the Actions pane. An FTP site that is part of a
Web site can be started, stopped, and restarted independently of the Web site.
IMPORTANT FTP port numbers and security
Changing the port from the default setting of port 21 can add a little extra security to an FTP
server configuration. Casual intruders will often attempt to connect to this port to find unprotected
FTP servers. In general, however, the idea of “security through obscurity” is not the best solution.
Simply making an FTP server harder to find will not address the most important security issues.
Always remember to use other security features such as firewall settings, authentication settings,
and authorization rules in conjunction with site bindings.
Managing FTP User Security
Users can upload and download sensitive data through FTP servers, and you can choose from
several methods to control which individuals have access to specific content. In this section,
you will learn about authentication, authorization, and user isolation settings.
Configuring Authentication Options
You can use Authentication settings for an FTP site to determine how users can access the
content stored on the site. There are several built-in methods for managing authentication. To
configure these settings in IIS Manager, select the FTP site object, and then double-click FTP
Authentication in Features View. Figure 7-20 shows an example of authentication options. You
can enable or disable various authentication options, using the Actions pane. The Edit
command in the Actions pane enables you to specify additional details for the selected
authentication method.
Figure 7-20 Viewing FTP Authentication settings for an FTP site
Anonymous Authentication allows all users that connect to the site to access content
regardless of the credentials they provide. Use this option when you plan to make the content
available to all visitors to the FTP site or when you are using other security methods to restrict
access to the site. When an FTP user makes a request to read or write data, Anonymous
Authentication will use a specified user account to validate permissions. The default setting is
to use the built-in IUSR account for this purpose. You can assign a specific Windows account
by clicking the Edit command in the Actions pane. You can then provide a specific user
identity for use by Anonymous Authentication. (See Figure 7-21.)
Basic Authentication requires visitors to the Web site to provide credentials for a valid Windows
user account. The account can be a local Windows username and password or can belong to
an Active Directory domain if the server is a member of a domain. It is important to remember
that, by default, credentials sent to the FTP server are sent in clear text. This can present a
security risk, especially for FTP connections that are made over the Internet. You will use Basic
Authentication primarily when you want to restrict FTP-based access to content based on user
credentials.
Figure 7-21 Modifying Anonymous Authentication Credentials settings
You can also choose from two other authentication methods by selecting the Custom
Providers command in the Actions pane. IIS Manager Authentication (IISManagerAuth) configures
the Web site to accept credentials for an IIS Manager User. This method is useful when you
want to restrict access to the FTP site to specific users who do not have Windows accounts on
the local FTP server. The IIS Management role service must be installed and enabled before
you can use this authentication method. For more information about creating and managing
IIS Manager Users, see Chapter 6, “Managing Web Server Security.” Like Basic Authentication
credentials, the username and password information is sent in clear text between the FTP
client and the FTP server.
ASP.NET Authentication (AspNetAuth) relies on the .NET user management framework for
authentication. It is useful when you have created an ASP.NET Web site that validates user
credentials. It is common for Web applications to use credentials data stored in a database to
validate access and permissions to the site.
Defining FTP Authorization Rules
You can use FTP Authorization rules to determine which users have access to specific content
within the FTP site. Authorization rules can be defined at the level of the FTP site or for
specific logical or virtual folders. These capabilities provide you with the flexibility to implement
granular authorization rules based on the type of content that should be available to users.
There are two types of authorization rules: Allow Rules and Deny Rules. By default, a new FTP
site will not have any predefined authorization rules. You can use the commands in the
Actions pane to create new rules. Figure 7-22 shows the available options when creating a
new rule.
Figure 7-22 Adding an Allow FTP Authorization rule
Allow and Deny rules can apply to the following types of users:
- All Users
- All Anonymous Users
- Specified Roles Or User Groups
- Specified Users
After you select to which users or groups the rule will apply, you can select whether the user
will have read, write, or read and write permissions.
Configuring FTP User Isolation Options
When you are managing access permissions and settings for an FTP server, a common
requirement is to provide individual users with their own folders and directories. Users should be
able to upload and download files from their own folders but should be prevented from
accessing those that belong to other users. The FTP User Isolation feature enables you to
configure these settings. To modify the settings, select an FTP site in IIS Manager, and then open
the FTP User Isolation feature. (See Figure 7-23.)
The default selection for user isolation settings is FTP Root Directory. This option configures
the server to start users in the FTP root directory, as you defined when you created the FTP
site. This setting is most appropriate when you want all users to be able to access the same
content. You can then use authorization rules to define permissions further on specific folders.
The User Name Directory option specifies that every user will have his or her own starting
folder based on the username that was provided. If the user-specific folder name does not
exist, the user will be placed in the root directory of the FTP site. Remember that this default
folder setting is not designed as a security mechanism (at least when used by itself). If your
FTP site is configured to allow anonymous authentication, you can create a folder called
Default for these users.
Figure 7-23 Viewing FTP User Isolation options
Exam Tip You can manage FTP security settings through various features, including
Authentication, Authorization, and IPv4 Address And Domain Restrictions. When you are implementing
security for an FTP site, keep in mind that the best solution will likely involve using these features
together to meet your goals. For example, you can use FTP User Isolation settings to determine
which files and content users will have access to. You can then use FTP Authorization Rules settings
to restrict access to specific content. Keep this in mind when you’re working with FTP server security
on production servers and when you’re taking Exam 70-643.
The remaining three options enable isolation for FTP users. You can use them to restrict access
to specific folders within the FTP site. The User Name Directory (Disable Global Virtual
Directories) option will place users within a designated home directory based on the user account
that was used for logon. The user will be unable to navigate to the parent folder and, therefore,
will be prevented from accessing other folders. The user will not be able to see any global virtual
directories defined for the FTP site. You can enable users to access these directories by choosing
the User Name Physical Directory (Enable Global Virtual Directories) option.

To support FTP user isolation settings, you will need to create the appropriate folder structure
for your users. The folder location for each user can be a physical or virtual directory on the
server. The path to the folder is based on several variables:
- FTPRoot: The root folder for the FTP site.
- UserName: The name of the authenticated user as provided by the client during the
  logon process.
- UserDomain: The name of the Windows domain used to validate credentials. This will
  be the name of the local FTP server or, if the server is a member of a domain, the name
  of the Active Directory domain.
The specific folder path you create is based on the authentication settings for the site and the
type of user who is attempting to access the content. Table 7-1 provides a list of the default
locations for each type of user account.
The final FTP user isolation option is FTP Home Directory Configured In Active Directory. You
can use this method to define users’ FTP folders within Active Directory, using the FTPRoot
and FTPDir variables. These properties exist in Active Directory domains that are running
Windows Server 2003 or later. (You can add the properties manually for Windows 2000
Server–based domains.) The Set button enables you to specify the credentials that will be used
to connect to Active Directory. When a user logs on to the FTP Server, the FTP server will
attempt to obtain these properties for the user. If the properties exist and the folder path is
valid, the user will be placed in that folder. Otherwise, the user will be prevented from
accessing the server.
NOTE Creating user accounts by scripting
Creating individual folders for many user accounts at a time can seem like a time-consuming and
tedious task at first. Fortunately, this is an ideal job for scripting. You can obtain a list of user
accounts by using a variety of methods, including VBScript and Microsoft Windows PowerShell. You
can then use this information to execute commands that create the necessary folders. For more
information about scripting, visit the Microsoft TechNet Script Center at
/technet/scriptcenter.
Table 7-1 Default FTP Folder Locations For User Accounts
FTP User Account Type                   Home Directory Folder Location
Anonymous Users                         %FTPRoot%\LocalUser\Public
Local Windows Accounts                  %FTPRoot%\LocalUser\%UserName%
Domain Windows Accounts                 %FTPRoot%\%UserDomain%\%UserName%
IIS Manager or ASP.NET User Accounts    %FTPRoot%\LocalUser\%UserName%
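The folder layout in Table 7-1, scripted in PowerShell as an added example (not code from the book): the function names, the temporary demo root, and the sample account list are assumptions. Each name is validated before it is used, so that a user name containing a path separator cannot map to a folder outside its own entry in the table.

```powershell
# Added example, not from the book. Function names, the demo root and the
# account list are assumptions made for illustration.

function Test-FtpFolderName {
    # Accept only a single, plain folder name: not empty, not '.' or '..',
    # no path separators, no characters that are invalid in file names.
    param([string] $Name)
    if ([string]::IsNullOrEmpty($Name)) { return $false }
    if ($Name -eq '.' -or $Name -eq '..') { return $false }
    if ($Name -match '[\\/]') { return $false }
    return ($Name.IndexOfAny([System.IO.Path]::GetInvalidFileNameChars()) -lt 0)
}

function Get-FtpHomePath {
    # Maps an account to its home folder as listed in Table 7-1.
    param(
        [Parameter(Mandatory = $true)] [string] $FtpRoot,
        [Parameter(Mandatory = $true)]
        [ValidateSet('Anonymous', 'Local', 'Domain', 'IisManagerOrAspNet')]
        [string] $AccountType,
        [string] $UserName,
        [string] $UserDomain
    )
    switch ($AccountType) {
        'Anonymous' { $parts = 'LocalUser', 'Public' }
        'Domain'    { $parts = $UserDomain, $UserName }
        default     { $parts = 'LocalUser', $UserName }   # Local, IIS Manager, ASP.NET
    }
    foreach ($part in $parts) {
        if (-not (Test-FtpFolderName $part)) {
            throw "Unsafe or empty folder name '$part' for $AccountType account"
        }
    }
    return (Join-Path (Join-Path $FtpRoot $parts[0]) $parts[1])
}

function New-FtpHomeFolder {
    # Creates the home folder for each account and emits the resulting path.
    # Accounts with unusable names are reported and skipped.
    param(
        [Parameter(Mandatory = $true)] [string] $FtpRoot,
        [Parameter(Mandatory = $true)] [object[]] $Account
    )
    foreach ($a in $Account) {
        try {
            $path = Get-FtpHomePath -FtpRoot $FtpRoot -AccountType $a.Type `
                        -UserName $a.User -UserDomain $a.Domain
        }
        catch {
            Write-Warning "Skipped: $($_.Exception.Message)"
            continue
        }
        [System.IO.Directory]::CreateDirectory($path) | Out-Null   # no-op if it already exists
        $path
    }
}

# Constructed sample accounts; a real list would come from a CSV file or a directory query.
$demoRoot = Join-Path ([System.IO.Path]::GetTempPath()) 'ftproot-demo'
$accounts = @(
    @{ Type = 'Anonymous' },
    @{ Type = 'Local';  User = 'alice' },
    @{ Type = 'Domain'; User = 'bob'; Domain = 'CONTOSO' },
    @{ Type = 'IisManagerOrAspNet'; User = 'webdev1' },
    @{ Type = 'Local';  User = '..\Public' }     # skipped: contains a path separator
)
New-FtpHomeFolder -FtpRoot $demoRoot -Account $accounts
```

The script only builds the folder structure; which users can read or write each folder is still decided by the authorization rules and the permissions on the folders themselves.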
Configuring IIS Manager Permissions
In many environments, it is common to have multiple administrators who must be able to
connect to and administer FTP sites and their contents. For example, a Web and FTP hosting
provider might have separate administrators for each FTP site. You can allow other users to access
the site by using the IIS Manager Permissions feature. The Allow User command enables you
to add a new user who is defined within IIS Manager or who is based on a Windows account.
Authorized users can then use IIS Manager on their computers to connect to an FTP 7 server.
For more information about configuring IIS Manager Permissions settings, see Chapter 6.
Configuring FTP Network Security
FTP 7 provides numerous methods for ensuring that only authorized users can access an FTP
site. In this section, you’ll learn about using SSL, firewall settings, and IP address restrictions
to control access to FTP sites.
Configuring FTP SSL Settings
By default, all control channel and data channel communications between an FTP server and
client are sent in clear text. This is a serious security issue, especially when providing FTP
access over the Internet. For example, if packets are intercepted during the authentication
process, username and password information can be collected and used to access the site.
Administrators can encrypt communications between an FTP 7 server and an FTP client by
using the FTP over SSL (commonly referred to as FTP/S or FTPS) standard. To modify these
settings, select the appropriate FTP site in IIS Manager and double-click the FTP SSL Settings
feature. (See Figure 7-24.)
The first setting enables you to specify which SSL certificate will be used by the FTP site. For
more information about creating or obtaining SSL certificates, see Chapter 6. The SSL Policy
section provides three options. Allow SSL Connections specifies that users may use SSL
connections, but they can also connect to the server using an unencrypted connection. Require
SSL Connections forces all users to use SSL and prevents unencrypted connections, and the
Custom option enables you to specify different rules for the Control Channel and Data
Channel. (See Figure 7-25.) You can use these options to minimize the performance overhead of
implementing encryption. For example, by requiring encryption only for credentials, you can
prevent usernames and passwords from being sent in clear text and still allow other control
commands and data transfer to occur without encryption.
Figure 7-24 Configuring FTP SSL settings, using IIS Manager
Figure 7-25 Configuring an advanced SSL policy for an FTP site
By default, the FTP SSL functionality will use a 40-bit encryption key strength. This reduces
the CPU performance overhead while still maintaining adequate security for most scenarios.
You can enable the Use 128-Bit Encryption For SSL Connections option to increase the
strength of the encryption (at the expense of performance).
NOTE FTP security standards
The Secure Shell (SSH) standard can also be used to secure FTP communications. The combination
of these technologies is sometimes referred to as Secure FTP or SFTP. The use of SSH-based
security is not supported in Windows Server 2008 and FTP 7, but you might see this option in other FTP
server software or in FTP client connection options.
Users typically will configure their SSL settings in their FTP client software. When they
attempt to create a new connection, they will see a message that enables them to view and
accept the SSL certificate that is installed for the FTP server.
Managing FTP Firewall Options
To access an FTP server, firewalls must allow network traffic to be passed for both the control
channel and the data channel. When users connect to a Web server, the initial connection is
made using the port provided in the address. (The default is port 21 if none is provided.)
However, for sending data channel information such as directory listings and files, the FTP server
can respond using a range of port numbers. If these ports are not allowed across the firewall,
users will be unable to use the full functionality of the site.
NOTE Troubleshooting common FTP connection issues
A common FTP connection issue is related to accessing an FTP server from across a firewall. Users
might report that they are able to connect to the FTP server and provide their authentication
credentials. However, when they attempt to perform an action (such as listing the contents of a
directory), they do not receive a response. This is a classic case of an issue with a firewall that is
restricting data channel communications. One option for resolving this issue is to enable passive
FTP connections on the FTP client. Another option is to reconfigure the firewall. Keep these
symptoms in mind when you are troubleshooting FTP connection issues.
You can avoid this problem through the FTP Firewall Support feature in IIS Manager. (See
Figure 7-26.) FTP 7 supports passive-mode FTP connections to specify the ports on which the
FTP server will respond to requests. The Data Channel Port Range setting enables you to
specify the range of ports that will be used for sending responses to clients. You should use ports
between 1,024 and 65,535. The External IP Address Of Firewall setting enables the FTP server
to determine from where packets are being sent. This is useful for supporting SSL encryption
scenarios.
Figure 7-26 Configuring FTP firewall support options
Exam Tip Use the settings in the FTP Firewall Support feature to configure how the FTP site
responds to FTP commands and requests. It does not make any changes directly to the Windows
Server 2008 firewall configuration or to any other devices on the network. The terminology can
sometimes be confusing. When you’re taking Exam 70-643, remember to configure FTP Firewall
Support settings to work in conjunction with firewall settings and that you might have to change
your firewall’s configuration manually to meet the requirements.
Implementing IP Address and Domain Restrictions
You can increase the security of an FTP server by limiting from which network addresses
specific FTP sites or folders can be accessed. To manage these settings, select an FTP site or folder
in IIS Manager, and then select the FTP IPv4 Address And Domain Restrictions feature. The
Actions pane provides two commands for managing rules: Add Allow Entry and Add Deny
Entry. IP address-based rules enable you to specify either a single IP address or a range of IP
addresses that is defined using a subnet mask. (See Figure 7-27.)
Use the Edit Feature Settings command in the Actions pane to specify the default action for IP
addresses that do not match any of the existing rules. The default setting, Allow, specifies that
these IP addresses will be allowed to connect. You can restrict access to only those clients that
match Allow Entries by selecting the Deny option.
Figure 7-27 Adding a new IP address restriction rule for an FTP site
You can enable domain name restrictions through the Edit Feature Settings dialog box also.
Domain name restrictions are based on DNS domain names (such as extranet.contoso.com).
Although they can be easier to manage than specific IP address rules, the drawback is that
domain name restrictions can reduce performance significantly. This is because rules are
evaluated based on performing a reverse DNS lookup operation, which can be time-consuming
and can create significant load on the DNS infrastructure.
IPv4 Address And Domain Restrictions settings are automatically inherited by child objects.
For example, restrictions defined at the level of an FTP site will automatically apply to all the
folders that are part of that site. You can override this behavior by creating explicit rules for
specific folders and virtual directories. You can also use the Revert To Parent command in the
Actions pane to remove any specific settings.
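A review of the SSL policy, authentication, authorization, and IP restriction settings described in this lesson, run against an ApplicationHost.config document, as an added PowerShell example that is not from the book. The sample configuration is constructed, and the function name Get-FtpConfigFinding is an assumption.

```powershell
# Added example, not from the book. Constructed sample configuration:
# the site name is made up; element and attribute names follow the FTP 7 schema.
$sampleConfig = [xml] @'
<configuration>
  <system.applicationHost>
    <sites>
      <site name="Partner FTP" id="2">
        <bindings>
          <binding protocol="ftp" bindingInformation="*:21:" />
        </bindings>
        <ftpServer>
          <security>
            <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" ssl128="false" />
            <authentication>
              <anonymousAuthentication enabled="true" />
              <basicAuthentication enabled="true" />
            </authentication>
          </security>
        </ftpServer>
      </site>
    </sites>
  </system.applicationHost>
  <location path="Partner FTP">
    <system.ftpServer>
      <security>
        <ipSecurity allowUnlisted="true" />
        <authorization>
          <add accessType="Allow" users="*" permissions="Read, Write" />
        </authorization>
      </security>
    </system.ftpServer>
  </location>
</configuration>
'@

function Get-FtpConfigFinding {
    # Flags settings that are written explicitly in the file. A setting that is
    # absent falls back to its default and is not reported here.
    param([Parameter(Mandatory = $true)] [xml] $Config)

    function New-Finding($Site, $Setting, $Detail) {
        New-Object PSObject -Property @{ Site = $Site; Setting = $Setting; Detail = $Detail } |
            Select-Object Site, Setting, Detail
    }

    # Per-site settings: authentication methods and SSL policy.
    foreach ($site in $Config.SelectNodes('/configuration/system.applicationHost/sites/site[ftpServer]')) {
        $name  = $site.GetAttribute('name')
        $ssl   = $site.SelectSingleNode('ftpServer/security/ssl')
        $anon  = $site.SelectSingleNode('ftpServer/security/authentication/anonymousAuthentication')
        $basic = $site.SelectSingleNode('ftpServer/security/authentication/basicAuthentication')

        if ($null -ne $anon -and $anon.GetAttribute('enabled') -eq 'true') {
            New-Finding $name 'anonymousAuthentication' 'Anonymous access is enabled; confirm the content is meant for all visitors.'
        }
        if ($null -ne $ssl) {
            $control = $ssl.GetAttribute('controlChannelPolicy')
            $data    = $ssl.GetAttribute('dataChannelPolicy')
            if ($null -ne $basic -and $basic.GetAttribute('enabled') -eq 'true' -and $control -eq 'SslAllow') {
                New-Finding $name 'ssl/controlChannelPolicy' 'Basic Authentication with SSL only allowed: credentials can still be sent in clear text.'
            }
            if ($data -eq 'SslAllow' -or $data -eq 'SslDeny') {
                New-Finding $name 'ssl/dataChannelPolicy' 'Directory listings and file contents can be transferred unencrypted.'
            }
            if ($ssl.GetAttribute('ssl128') -eq 'false') {
                New-Finding $name 'ssl/ssl128' '128-bit encryption is not required for SSL connections.'
            }
        }
    }

    # Per-location settings: IP restrictions and authorization rules.
    foreach ($loc in $Config.SelectNodes('/configuration/location[system.ftpServer]')) {
        $path = $loc.GetAttribute('path')
        $ip   = $loc.SelectSingleNode('system.ftpServer/security/ipSecurity')
        if ($null -ne $ip -and $ip.GetAttribute('allowUnlisted') -eq 'true') {
            New-Finding $path 'ipSecurity/allowUnlisted' 'Addresses that match no entry are allowed (default action is Allow).'
        }
        foreach ($rule in $loc.SelectNodes('system.ftpServer/security/authorization/add')) {
            if ($rule.GetAttribute('accessType') -eq 'Allow' -and
                $rule.GetAttribute('users') -eq '*' -and
                $rule.GetAttribute('permissions') -match 'Write') {
                New-Finding $path 'authorization' 'An Allow rule grants Write permission to All Users.'
            }
        }
    }
}

Get-FtpConfigFinding -Config $sampleConfig | Format-Table -AutoSize -Wrap
```

To review a server, pass a copy of its ApplicationHost.config loaded with `[xml](Get-Content <path to the copy>)` instead of the sample.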
Managing FTP Site Settings
FTP 7 includes features for monitoring users and for improving the user experience. In this
section, you will learn about these configuration options and how you can monitor FTP site
usage.
Monitoring FTP Current Sessions
You can use the FTP Current Sessions feature for an FTP site to view which users are currently
connected to the server. (See Figure 7-28.) The details that are shown include:
- User Name
- Client IP Address
- Session Start Time
- Current Command
- Previous Command
- Command Start Time
- Bytes Sent
- Bytes Received
- Session ID
Figure 7-28 Viewing a list of current sessions, using IIS Manager
Managing FTP Messages
You can use the FTP Messages feature to define text-based messages sent to clients. The
specific types of text you can define are:
- Banner: This is the information that is presented initially when a user connects to the
  FTP site.
- Welcome: This message is displayed after a user has successfully authenticated to the
  FTP site.
- Exit: This message is displayed after the user chooses to end his or her connection and
  is sent just prior to closing the connection.
- Maximum Connections: This message is displayed when the FTP server has reached its
  maximum number of connections, and the user is unable to access the site.
FTP messages often include warnings related to the intended use of the site and can provide
contact information for administrators of the site. (See Figure 7-29.)
Figure 7-29 Configuring FTP messages settings for an FTP site
You can prevent the default banner from being sent to the user by using the Message Behavior
section. This is useful when you do not want to disclose details about the purpose or function
of the site until users are authenticated. The Support User Variables In Messages option
enables you to use the following string values in your messages:
- BytesReceived
- BytesSent
- SessionID
- SiteName
- UserName

When the variable name is surrounded by percent symbols (for example, %UserName%), the
FTP server will automatically replace the information with the appropriate value.
Configuring FTP Logging
FTP 7 can automatically create log files that keep track of the activity of the FTP site. By default,
information is stored to text files stored in the %SystemDrive%\Inetpub\Logs\LogFiles folder.
Separate folders are created for each FTP site created on the local machine. You can use the
FTP Logging option to modify the log file settings.
The Select W3C Fields command enables you to specify which types of information are
tracked for each command or request sent to the FTP server. Figure 7-30 shows the default
options, which are designed to provide a balance between providing detailed information and
reducing performance overhead and log file size.
Figure 7-30 Selecting which fields are included in FTP log files
You can use the Log File Rollover section to specify when new log files will be created. You can
also enable the Use Local Time For File Naming And Rollover option if you are managing FTP
servers in multiple time zones. The View Logs command in the Actions pane will open the
folder that contains the FTP log files. The files themselves are text documents that contain
comma-separated values. They can be viewed in Windows Notepad or by using third-party log
analysis software. In general, it is a good idea to review FTP server logs regularly to detect any
unauthorized activity or unexpected usage patterns.
Configuring Directory Browsing
One of the most commonly used commands sent by FTP clients is to request a directory
listing. Most FTP client software programs will automatically execute a LIST command whenever
the user changes the current working folder. You can configure these options by selecting the
FTP Directory Browsing feature after selecting a site in IIS Manager. (See Figure 7-31.) The
Directory Listing Style options enable you to specify whether information should be returned
in MS-DOS (the default style) or UNIX style. The setting specifies how information is
presented to an FTP client. Most FTP clients are able to handle both formats.
Figure 7-31 Configuring FTP Directory Browsing settings

You can use the Directory Listing Options section to specify which types of information are
included in the directory listing. The Virtual Directories option specifies whether the names of
virtual directories will be returned to the user. If you want to hide virtual directories from
users, disable this option. The Available Bytes option returns the amount of remaining disk
space for the FTP site. If disk quotas are enabled, the remaining space will be based on how
much storage space is left for the currently connected user. Enabling Four-Digit Years will
return all year information in four characters rather than in two.
Using FTP Client Software
Users can choose from several types of FTP clients for connecting to an FTP server. Windows
operating systems include the FTP command-line utility that provides basic text-based
functionality for connecting to an FTP server. This is useful for performing simple operations and
for testing Web site functionality. You can also place FTP commands within a batch file to
automate common operations such as transferring backup files to a remote server.
In addition, you can use an FTP-capable Web browser, such as Windows Internet
Explorer, to connect to an FTP site. (See Figure 7-32.) The standard syntax for the URL is
ftp://ServerName. You can provide logon information and port details in the URL by using
the following syntax:
ftp://UserName:Password@ServerName:Port/Path
FTP URLs are helpful for providing quick access to files from Web sites. It is important to note
that, by default, all communications will occur using a clear text connection. Therefore, you
should generally use FTP URLs only for FTP sites that are intended for use by anonymous
users.
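Because logon information in an FTP URL is stored and sent in clear text, it is worth auditing batch files and Web pages for such URLs. The following is an added example, not code from the original book: it finds ftp:// URLs that name a non-anonymous user and reports them with the password redacted. The sample text, account names, and the treatment of "anonymous" and "ftp" as anonymous user names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample (a batch file and two HTML links), not from the book.
SAMPLE_TEXT = """\
rem nightly-backup.cmd
curl -T backup.zip ftp://svc_backup:P%40ssw0rd@server2.contoso.com:2121/Backups/
<a href="ftp://server2.contoso.com/FTPContents/TestFile.txt">Download</a>
<a href="ftp://anonymous:guest@server2.contoso.com/pub/">Public files</a>
start ftp://jsmith@server2.contoso.com/
see sftp://ops:secret@files.example.net/ for the SSH-based service
"""

# ftp:// not preceded by another scheme character, so sftp:// is not matched
FTP_URL = re.compile(r"(?<![A-Za-z0-9+.-])ftp://[^\s\"'<>]+", re.IGNORECASE)
ANONYMOUS = {"anonymous", "ftp"}  # assumed anonymous logon names

def audit_ftp_urls(text):
    """Return a finding for every ftp:// URL that names a non-anonymous user."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in FTP_URL.finditer(line):
            parts = urlsplit(match.group(0))
            user = unquote(parts.username or "")
            if not user or user.lower() in ANONYMOUS:
                continue  # no account secret is exposed
            try:
                port = parts.port or 21      # TCP 21 is the FTP default
            except ValueError:               # non-numeric or out-of-range port
                port = None
            has_password = parts.password is not None
            shown = f"{user}:***" if has_password else user
            findings.append({
                "line": lineno, "user": user, "host": parts.hostname,
                "port": port, "has_password": has_password,
                # never echo the secret into a report or ticket
                "redacted": f"ftp://{shown}@{parts.hostname}:{port}{parts.path}",
            })
    return findings
```

A finding with has_password set to True means the account password should be changed and the file updated to use an anonymous-only site or an FTPS-capable client instead.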
Figure 7-32 Connecting to an FTP site by using Internet Explorer 7
You can also use Windows Explorer to provide graphical access to an FTP site. (See Figure 7-33.)
This method gives you the benefits of using familiar commands and functions such as
drag-and-drop operations. To connect, simply enter the FTP URL in the Address bar of Windows
Explorer. You can also use the Open FTP Site In Windows Explorer command from the Page
menu of Internet Explorer 7 if you have already connected to an FTP site. Although some file
and folder management features are limited, this is a useful method by which even
nontechnical users can access FTP-based content.
Finally, there are numerous third-party FTP client software packages. You can find them by
doing a Web search for “ftp client software.” These products often provide advanced features
such as the ability to script common operations and automated methods for keeping multiple
folders synchronized with the same content.
Figure 7-33 Using Windows Explorer to access an FTP site
Quick Check
1. When using FTP 7, what is the easiest way to prevent a particular group of users
from accessing a specific folder that is part of your FTP site?
2. How can you ensure that credentials sent for an Internet-accessible FTP site using
Basic Authentication are encrypted during transmission?
Quick Check Answers
1. FTP Authorization Rules can be used to set specific permissions on a portion of an
FTP site.
2. Enable FTP Over SSL (FTPS) for the FTP site using FTP 7. The process involves
obtaining a server SSL certificate and then requiring SSL for at least the passing of
credentials on the server.
PRACTICE Configuring and Testing FTP
In this practice, you will learn about the process of setting up an FTP site by using both FTP
6 and FTP 7. You will then connect to the new site by using the FTP command-line utility.
 Exercise 1 Use FTP 6 to Create a New Web Site
In this exercise, you will create a new Web site by using FTP 6. You will begin by enabling FTP
6. The steps assume that you have already installed the Web Server (IIS) server role, using the
default options, and that you have not yet installed the FTP Publishing Service role service.
1. Log on to Server2 as a user with Administrator permissions.
2. Open Server Manager. Expand the Roles section, right-click the Web Server (IIS) server
role, and then select Add Role Services.
3. On the Select Role Services page, select FTP Publishing Service. Note that this will
automatically install the FTP Server and FTP Management Console role services as well.
Click Next to continue.
4. On the Confirm Installation Selections page, verify the selections, and then click Install
to begin the installation process. When the installation is complete, click Finish.
5. In Server Manager, note that the FTP Publishing Service is installed for the Web Server
(IIS) Server role. Close Server Manager.
6. To configure the FTP server, launch Internet Information Services (IIS) 6.0 Manager
from the Administrative Tools program group.
7. Expand the node for Server2, and then expand the FTP Sites folder. Note that the
Default FTP Site object exists but has not been automatically started.
8. Right-click the Default FTP Site object, and then click Properties. Note the settings on
the FTP Site tab.
The default settings are for the FTP site to respond on all unassigned IP addresses by
using TCP port 21.
9. Click the Home Directory tab to view the file system location for the FTP site’s root
directory.
The default file system location is %SystemDrive%\Inetpub\Ftproot. The default permissions
are to allow only Read access to the contents of this folder.
10. When you are finished, click OK to close the Default FTP Site Properties dialog box.
11. Next, you will create some sample files for testing the FTP functionality. Using Windows
Explorer, open the root directory for the FTP site and create a new folder called FTPContents.
Within this folder, create a new text file called TestFile.txt. Close Windows
Explorer.
12. In IIS 6.0 Manager, right-click the Default FTP Site object, and then click Start. This will
start Default FTP Site.
Next, you will use the FTP command-line utility to verify the configuration of the FTP
site.
13. Open a command prompt by selecting Command Prompt from the Start menu. Type
FTP Server2 to connect to the local FTP server.
Note that you do not need to provide a port number because the server is bound to the
default port, TCP port 21.
14. At the User prompt, type the name of your Windows user account. Then, type your
password when prompted. At the FTP prompt, type dir and press Enter to retrieve a list of
files located in the root folder for Default FTP Site. You should see the FTPContents
folder that you created in step 10.
15. Type cd FTPContents to change the active folder. Type dir to view a list of files. Type get
TestFile.txt to download a copy of the test file you created earlier to the local working
folder.
16. When you are finished, type quit to exit the FTP prompt. Then, close the command
prompt window.
17. When you are finished, close the IIS 6.0 Manager utility.
 Exercise 2 Use FTP 7 to Add an FTP Site Binding
In this exercise, you will create a new FTP site binding for Default Web Site, using FTP 7 and
IIS Manager. Before you begin this exercise, you must first remove FTP 6 if it is installed on
Server2.contoso.com. Then, download and install the FTP 7 package from
/downloads.
1. Log on to Server2 as a user who has Administrator permissions.
2. Open IIS Manager and connect to the local server.
3. Right-click the Default Web Site object in the left pane and select Edit Bindings. In the
Site Bindings dialog box, click Add.
4. In the Add Site Binding dialog box, select FTP for the Type setting. Use the default IP
Address setting of All Unassigned and the default port of port 21. Leave the Host Name
section blank, and then click OK to add the site binding.
5. Verify that a new site binding for the FTP protocol on port 21 has been created. Click
Close in the Site Bindings dialog box.
6. To view the FTP-related options for the Default Web Site, click Refresh on the View menu
in IIS Manager.
You will now see an FTP section along with options for configuring FTP settings. The
Actions pane also includes commands for managing the FTP site.

7. In the Actions pane, click Advanced Settings in the Manage FTP Site section. Note that
the Physical Path setting is mapped to the root directory for the Default Web Site
(%SystemDrive%\Inetpub\Wwwroot). Click OK to continue.
8. In Features View of IIS Manager, double-click FTP Authentication. Note that, by default,
no authentication options are enabled. Enable the Basic Authentication and Anonymous
Authentication options by selecting them and then clicking the Enable command in the
Actions pane.
9. Click the Back button or the Default Web Site object to return to Features View.
